Biblio

Recently, the semiconductor counterfeiting has become a serious problem. To counter this problem, Physical Unclonable Function (PUF) has been attracted attention. However, the risk of machine learning attacks for PUF is pointed out. To verify the safety of PUF, the evaluation (tamper resistance) against machine learning attacks in the difference of PUF implementations is very important. However, the tamper resistance evaluation in the difference of PUF implementation has barely been reported. Therefore, this study evaluates the tamper resistance of PUF in the difference of field programmable gate array (FPGA) implementations against machine learning attacks. Experiments using an FPGA clarified the arbiter PUF of the lookup table implementation has the tamper resistance against machine learning attacks.

Fast IPv4 scanning has enabled researchers to answer a wealth of new security and measurement questions. However, while increased network speeds and computational power have enabled comprehensive scans of the IPv4 address space, a brute-force approach does not scale to IPv6. Systems are limited to scanning a small fraction of the IPv6 address space and require an algorithmic approach to determine a small set of candidate addresses to probe. In this paper, we first explore the considerations that guide designing such algorithms. We introduce a new approach that identifies dense address space regions from a set of known "seed" addresses and generates a set of candidates to scan. We compare our algorithm 6Gen against Entropy/IP—the current state of the art—finding that we can recover between 1–8 times as many addresses for the five candidate datasets considered in the prior work. However, during our analysis, we uncover widespread IP aliasing in IPv6 networks. We discuss its effect on target generation and explore preliminary approaches for detecting aliased regions.

Destination IP prefix-based routing protocols are core to Internet routing today. Internet autonomous systems (AS) possess fixed IP prefixes, while packets carry the intended destination AS's prefix in their headers, in clear text. As a result, network communications can be easily identified using IP addresses and become targets of a wide variety of attacks, such as DNS/IP filtering, distributed Denial-of-Service (DDoS) attacks, man-in-the-middle (MITM) attacks, etc. In this work, we explore an alternative network architecture that fundamentally removes such vulnerabilities by disassociating the relationship between IP prefixes and destination networks, and by allowing any end-to-end communication session to have dynamic, short-lived, and pseudo-random IP addresses drawn from a range of IP prefixes rather than one. The concept is seemingly impossible to realize in todays Internet. We demonstrate how this is doable today with three different strategies using software defined networking (SDN), and how this can be done at scale to transform the Internet addressing and routing paradigms with the novel concept of a distributed software defined Internet exchange (SDX). The solution works with both IPv4 and IPv6, whereas the latter provides higher degrees of IP addressing freedom. Prototypes based on Open vSwitches (OVS) have been implemented for experimentation across the PEERING BGP testbed. The SDX solution not only provides a technically sustainable pathway towards large-scale traffic analysis resistant network (TARN) support, it also unveils a new business model for customer-driven, customizable and trustable end-to-end network services.

Every 98 seconds an American is sexually assaulted. Our work explores the use of on-body sensors to detect, communicate and prevent sexual assault. We present a stick-on clothing sensor which responds to initial signs of sexual assault such as disrobing to deter sexual abuse. The smart clothing operates in two modes: an active mode for instances when the victim is unconscious, and a passive mode where the victim can self-actuate the safety mechanism. Both modes alert the victim's friends and family, actuate an auditory alarm, activate odor-emitting capsules to create an immediate repulsion effect, and call emergency services. Our design is based on input from sexual assault survivors and college students who evaluated the clothing for aesthetic appeal, functionality, cultural sensitivity and their sense of personal safety. We show the practicality of our unobtrusive design with two user studies to demonstrate that our techno-social approach can help improve user safety and prevent sexual assault.

The TLS protocol is the primary technology used for securing web transactions. It is based on X.509 certificates that are used for binding the identity of web servers' owners to their public keys. Web browsers perform the validation of X.509 certificates on behalf of Web users. Our previous research in 2009 showed that the validation process of Web browsers is inconsistent and flawed. We showed how this situation might have a negative impact on Web users. From 2009 until now, many new X.509 related standards have been created or updated. In this paper, we performed an increased set of experiments over our 2009 study in order to highlight the improvements and/or regressions in Web browsers' behaviours.

Continuously improving security on an information system requires unique combination of human aspect, policies, and technology. This acts as leverage for designing an access control management approach which avails only relevant parts of a system according to an end-users' scope of work. This paper introduces a framework for information security fundamentals at organizational and theoretical levels, to identify critical success factors that are vital in assessing an organization's security maturity through a model referred to as “information security digital divide maturity framework”. The foregoing is based on a developed conceptual framework for information security digital divide. The framework strives to divide system end-users into “specific information haves and have-nots”. It intends to assist organizations to continually evaluate and improve on their security governance, standards, and policies which permit access on the basis of each end-user's work scope. The framework was tested through two surveys targeting 90 end-users and 35 security experts.

Cloud Data Center (CDC) security remains a major challenge for business organizations and takes an important concern with research works. The attacker purpose is to guarantee the service unavailability and maximize the financial loss costs. As a result, Distributed Denial of Service (DDoS) attacks have appeared as the most popular attack. The main aim of such attacks is to saturate and overload the system network through a massive data packets size flooding toward a victim server and to block the service to users. This paper provides a defending system in order to mitigate the Denial of Service (DoS) attack in CDC environment. Basically it outlines the different techniques of DoS attacks and its countermeasures by combining the filtering and detection mechanisms. We presented an analytical model based on queueing model to evaluate the impact of flooding attack on cloud environment regarding service availability and QoS performance. Consequently, we have plotted the response time, throughput, drop rate and resource computing utilization varying the attack arrival rate. We have used JMT (Java Modeling Tool) simulator to validate the analytical model. Our approach was appeared powerful for attacks mitigation in the cloud environment.

Attacks on web services are major concerns and can expose organizations valuable information resources. Despite there are increasing awareness in secure programming, we still find vulnerabilities in web services. To protect deployed web services, it is important to have defense techniques. Signaturebased Intrusion Detection Systems (IDS) have gained popularity to protect applications against attacks. However, signature IDSs have limited number of attack signatures. In this paper, we propose a Genetic Algorithm (GA)-based attack signature generation approach and show its application for web services. GA algorithm has the capability of generating new member from a set of initial population. We leverage this by generating new attack signatures at SOAP message level to overcome the challenge of limited number of attack signatures. The key contributions include defining chromosomes and fitness functions. The initial results show that the GA-based IDS can generate new signatures and complement the limitation of existing web security testing tools. The approach can generate new attack signatures for injection, privilege escalation, denial of service and information leakage.

One of the main concerns of Cloud storage solutions is to offer the availability to the end user. Thus, addressing the mobility needs and device's variety has emerged as a major challenge. At first, data should be synchronized automatically and continuously when the user moves from one equipment to another. Secondly, the Cloud service should offer to the owner the possibility to share data with specific users. The paper's goal is to develop a secure framework that ensures file synchronization with high quality and minimal resource consumption. As a first step towards this goal, we propose the SyncDS protocol with its associated architecture. The synchronization protocol efficiency raises through the choice of the used networking protocol as well as the strategy of changes detection between two versions of file systems located in different devices. Our experiment results show that adopting the Hierarchical Hash Tree to detect the changes between two file systems and adopting the WebSocket protocol for the data exchanges improve the efficiency of the synchronization protocol.

Today the cloud plays a central role in storing, processing, and distributing data. Despite contributing to the rapid development of IoT applications, the current IoT cloud-centric architecture has led into a myriad of isolated data silos that hinders the full potential of holistic data-driven analytics within the IoT. In this paper, we present a blockchain-based design for the IoT that brings a distributed access control and data management. We depart from the current trust model that delegates access control of our data to a centralized trusted authority and instead empower the users with data ownership. Our design is tailored for IoT data streams and enables secure data sharing. We enable a secure and resilient access control management, by utilizing the blockchain as an auditable and distributed access control layer to the storage layer. We facilitate the storage of time-series IoT data at the edge of the network via a locality-aware decentralized storage system that is managed with the blockchain technology. Our system is agnostic of the physical storage nodes and supports as well utilization of cloud storage resources as storage nodes.

Recent years have seen a trend towards decentralisation - from initiatives on decentralized web to decentralized network infrastructures. In this position paper, we present an architectural vision for decentralising cloud service infrastructures. Our vision is on community cloud infrastructures on top of decentralised access infrastructures i.e. community networks, using resources pooled from the community. Our architectural vision considers some fundamental challenges of integrating the current state of the art virtualisation technologies such as Software Defined Networking (SDN) into community infrastructures which are highly unreliable. Our proposed design goal is to include lightweight network and processing virtualization with fault tolerance mechanisms to ensure sufficient level of reliability to support local services.

We discuss the use of formal modeling to discover potential attacks on Cyber-Physical systems, in particular Industrial Control Systems. We propose a general approach to achieve that goal considering physical-layer interactions, time and state discretization of the physical process and logic, and the use of suitable attacker profiles. We then apply the approach to model a real-world water treatment testbed using ASLan++ and analyze the resulting transition system using CL-AtSe, identifying four attack classes. To show that the attacks identified by our formal assessment represent valid attacks, we compare them against practical attacks on the same system found independently by six teams from industry and academia. We find that 7 out of the 8 practical attacks were also identified by our formal assessment. We discuss limitations resulting from our chosen level of abstraction, and a number of modeling shortcuts to reduce the runtime of the analysis.

Cyber-physical systems have shown to be susceptible to cyber-attacks. Incidents such as Stuxnet Attack and Ukraine power outage have shown that attackers are capable of penetrating into industrial control systems, compromising PLCs, and sending false commands to physical devices while reporting normal sensing values. Therefore, one of the critical needs of CPS is to ensure the validity of the sensor values. In this paper, we explore path diversity in SCADA networks and develop Path Redundancy to improve data validity. The proposed solution is shown to be able to effectively prevent data integrity attacks and detect false command attacks from a single compromised path or PLC. We provide detailed analysis on solution design and implement an application of the technique in building automation networks. Our cost-efficient and easy-to-deploy solution improves the resilience of SCADA networks.

Ensuring the reliability of applications is becoming an increasingly important challenge as high-performance computing (HPC) systems experience an ever-growing number of faults, errors and failures. While the HPC community has made substantial progress in developing various resilience solutions, it continues to rely on platform-based metrics to quantify application resiliency improvements. The resilience of an HPC application is concerned with the reliability of the application outcome as well as the fault handling efficiency. To understand the scope of impact, effective coverage and performance efficiency of existing and emerging resilience solutions, there is a need for new metrics. In this paper, we develop new ways to quantify resilience that consider both the reliability and the performance characteristics of the solutions from the perspective of HPC applications. As HPC systems continue to evolve in terms of scale and complexity, it is expected that applications will experience various types of faults, errors and failures, which will require applications to apply multiple resilience solutions across the system stack. The proposed metrics are intended to be useful for understanding the combined impact of these solutions on an application's ability to produce correct results and to evaluate their overall impact on an application's performance in the presence of various modes of faults.

Current threat models typically consider all possible ways an attacker can penetrate a system and assign probabilities to each path according to some metric (e.g. time-to-compromise). In this paper we discuss how this view hinders the realness of both technical (e.g. attack graphs) and strategic (e.g. game theory) approaches of current threat modeling, and propose to steer away by looking more carefully at attack characteristics and attacker environment. We use a toy threat model for ICS attacks to show how a realistic view of attack instances can emerge from a simple analysis of attack phases and attacker limitations.

Application-level data management middleware solutions are becoming increasingly compelling to deal with the complexity of a multi-cloud or federated cloud storage and multitenant storage architecture. However, these systems typically support traditional data mapping strategies that are created under the assumption of a fixed and rigorous database schema, and mapping data objects while supporting varying data confidentiality requirements therefore leads to fragmentation of data over distributed storage nodes. This introduces performance over-head at the level of individual database transactions and negatively affects the overall scalability. This paper discusses these challenges and highlights the potential of leveraging the data schema flexibility of NoSQL databases to accomplish dynamic and fine-grained data encryption in a more efficient and scalable manner. We illustrate these ideas in the context of an industrial multi-tenant SaaS application.

A program exhibits trigger-based behavior if it performs undocumented, often malicious, functions when the environmental conditions and/or specific input values match some pre-specified criteria. Checking whether such hidden functions exist in the program is important for increasing trustworthiness of software. In this paper, we propose a framework to effectively detect trigger-based behavior at the source code level. Our approach is semi-automated: We use automated source code instrumentation and mixed concrete and symbolic execution to generate potentially suspicious test cases that may trigger hidden, potentially malicious functions. The test cases must be investigated by a human analyst manually to decide which of them are real triggers. While our approach is not fully automated, it greatly reduces manual work by allowing analysts to focus on a few test cases found by our automated tools.

As intelligent agents learn to behave increasingly autonomously and simulate a high level of intelligence, human interaction with them will be increasingly unpredictable. Would you accept an unexpected and sometimes irrational but actually correct recommendation by an agent you trust? We performed two experiments in which participants played a game. In this game, the participants chose a path by referring to a recommendation from the agent in one of two experimental conditions:the correct or the faulty condition. After interactions with the agent, the participants received an unexpected recommendation by the agent. The results showed that, while the trust measured by a questionnaire in the correct condition was higher than that in the faulty condition, there was no significant difference in the number of people who accepted the recommendation. Furthermore, the trust in the agent made decision time significantly longer when the recommendation was not rational.

Local-area networks comprising the Internet of Things (IoT) consist mainly of devices that have limited processing capabilities and face energy constraints. This has an implication on developing security mechanisms, as they require significant computing resources. In this paper, we design a trust-based routing solution with IoT devices in mind. Specifically, we propose a trust-based approach for managing the reputation of every node of an IoT network. The approach is based on the emerging Routing Protocol for Low power and Lossy networks (RPL). The proposed solution is simulated for its routing resilience and compared with two other variants of RPL.

With the increasing popularity of virtual currencies, it has become more important to have highly secure devices in which to store private-key information. Furthermore, ARM has made available an extension of processors architectures, designated TrustZone, which allows for the separation of trusted and non-trusted environments, while ensuring the integrity of the OS code. In this paper, we propose the exploitation of this technology to implement a flexible and reliable bitcoin wallet that is more resilient to dictionary and side-channel attacks. Making use of the TrustZone comes with the downside that writing and reading operations become slower, due to the encrypted storage, but we show that cryptographic operations can in fact be executed more efficiently as a result of platform-specific optimizations.

Logic locking is an intellectual property (IP) protection technique that prevents IP piracy, reverse engineering and overbuilding attacks by the untrusted foundry or endusers. Existing logic locking techniques are all vulnerable to various attacks, such as sensitization, key-pruning and signal skew analysis enabled removal attacks. In this paper, we propose TTLock that provably withstands all known attacks. TTLock protects a designer-specified number of input patterns, enabling a controlled and provably-secure trade-off between key-pruning attack resilience and removal attack resilience. All the key-bits converge on a single signal, creating maximal interference and thus resisting sensitization attacks. And, obfuscation is performed by modifying the design IP in a secret and traceless way, thwarting signal skew analysis and the removal attack it enables. Experimental results confirm our theoretical expectations that the computational complexity of attacks launched on TTLock grows exponentially with increasing key-size, while the area, power, and delay overhead increases only linearly.

Mature push button tools have emerged for checking trace properties (e.g. secrecy or authentication) of security protocols. The case of indistinguishability-based privacy properties (e.g. ballot privacy or anonymity) is more complex and constitutes an active research topic with several recent propositions of techniques and tools. We explore a novel approach based on type systems and provide a (sound) type system for proving equivalence of protocols, for a bounded or an unbounded number of sessions. The resulting prototype implementation has been tested on various protocols of the literature. It provides a significant speed-up (by orders of magnitude) compared to tools for a bounded number of sessions and complements in terms of expressiveness other state-of-the-art tools, such as ProVerif and Tamarin: e.g., we show that our analysis technique is the first one to handle a faithful encoding of the Helios e-voting protocol in the context of an untrusted ballot box.

This one-day workshop intends to bring together both academics and industry practitioners to explore collaborative challenges in speech interaction. Recent improvements in speech recognition and computing power has led to conversational interfaces being introduced to many of the devices we use every day, such as smartphones, watches, and even televisions. These interfaces allow us to get things done, often by just speaking commands, relying on a reasonably well understood single-user model. While research on speech recognition is well established, the social implications of these interfaces remain underexplored, such as how we socialise, work, and play around such technologies, and how these might be better designed to support collaborative collocated talk-in-action. Moreover, the advent of new products such as the Amazon Echo and Google Home, which are positioned as supporting multi-user interaction in collocated environments such as the home, makes exploring the social and collaborative challenges around these products, a timely topic. In the workshop, we will review current practices and reflect upon prior work on studying talk-in-action and collocated interaction. We wish to begin a dialogue that takes on the renewed interest in research on spoken interaction with devices, grounded in the existing practices of the CSCW community.